A check will fail if the context passed in is not a native context.
Change the code to get the native context from the passed context.
Bug: chromium:804288
Change-Id: Iad314a3dd170355cf524b9230a692a6329564f8a
Reviewed-on: https://chromium-review.googlesource.com/878324
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50761}
Immediate::is_zero already checks the reloc info to be none, so the
additional check is redundant.
R=tebbi@chromium.org
Change-Id: I3ec91fe60e8c659b2f38fda0123784a69e4bcbe9
Reviewed-on: https://chromium-review.googlesource.com/878321
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50760}
Tag RelocInfo which belongs to native wasm code, and fix printing to
not try to access the Code object for CODE_TARGET, but rather just
print "(wasm trampoline)".
Bug: chromium:801785
R=mstarzinger@chromium.org
Change-Id: I84a37f0c48ed7397cccf677b4d0f0352e5aceb9d
Reviewed-on: https://chromium-review.googlesource.com/875271
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50758}
Suspend points (inside generators and async functions) have slightly
funky semantics when it comes to liveness, as they save and restore a
chunk of the register file as-is. In particular, this means that
granular liveness information is lost, as it is assumed that all
registers in that chunk of the register file are live in a suspend.
Rather than marking that entire chunk of register as live/dead in
suspend/restore, we can instead pattern-match the set of bytecodes in a
suspend point, and propagate liveness across them. This tightens
liveness estimates, and could be used to optimize which values TurboFan
actually saves when suspending.
Bug: chromium:798137
Change-Id: I5840cdbfc2c6edb1d3a48cf025f52615b629cdfc
Reviewed-on: https://chromium-review.googlesource.com/848895
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50757}
This CL adds support for indirect calls.
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ia29b87fa1f7be873cd722f934b8007c38794dceb
Reviewed-on: https://chromium-review.googlesource.com/877884
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50756}
This fixes a corner-case with lazy compilation in WebAssembly where
native-heap code did not expect to see WASM-to-JS wrappers in tables.
R=clemensh@chromium.org
TEST=mjsunit/regress/wasm/regress-803788
BUG=chromium:803788
Change-Id: Ie44b5c9efe2b171e1915295bb95d6cb61dfab3dc
Reviewed-on: https://chromium-review.googlesource.com/878262
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50755}
This is added only to uniformly call all tools by the infra side.
NOTRY=true
TBR=sergiyb@chromium.org
Bug: v8:6917
Change-Id: I85a14ea51abfe1bfc775fd73d2fee02bfb2fb31e
Reviewed-on: https://chromium-review.googlesource.com/878361
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50754}
This adds flags to numfuzz for rerunning flaky tests and for storing
json test results. With those flags added, the infra-side can call
numfuzz with the same API as the standard test-runner.
TBR=sergiyb@chromium.org
Bug: v8:6917
Change-Id: I02d1cd02d90677c83f10e072383f3650c041cab1
Reviewed-on: https://chromium-review.googlesource.com/877890
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50753}
Array.prototype.reduce[Right] used a lazy deoptimization frame
state for an eager deopt point.
Bug: v8:7336, chromium:804096
Change-Id: I720f9e049bd6b396e025fa59192fdbc6b4f18647
Reviewed-on: https://chromium-review.googlesource.com/878120
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Daniel Clifford <danno@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50752}
This is the V8 side change of crrev.com/c/876103.
Message:
It can happen that WebAssembly.compileStreaming gets aborted when we
are not allowed to execute JavaScript code, and therefore are also not
allowed to reject the promise returned by WebAssembly.compileStreaming.
This can happen e.g. when the Chrome tab gets refreshed, which aborts
all downloads.
With this CL we do not pass a reason to Abort if we are not allowed to
execute JavaScript code. On the V8 side we can check the reason passed
to Abort and do not reject the promise if there is no reason passed.
CC=mtrofin@chromium.orgR=titzer@chromium.org
Bug: chromium:803838
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: Ie5cc85c72b60383e9221318c18a4e1812d230692
Reviewed-on: https://chromium-review.googlesource.com/876091
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50749}
Instead of requiring the pattern that a SuspendGenerator must be
followed by a Return, make SuspendGenerator return directly. This can,
in the future, simplify some of the reasoning around generator suspends.
Change-Id: I94c0156a89dc0e1c0bc306bc57acf766f3b4deb5
Reviewed-on: https://chromium-review.googlesource.com/857463
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50748}
This reverts commit 03e9d415c2.
Reason for revert: Correctness issues, see https://crbug.com/804159.
Bug: chromium:804159
Original change's description:
> Reland: Reimplement Object.entries/values as CSA to optimize performance.
>
> Add Object.entries/values builtins to debug-evaluate.cc whitelist macro.
> This fix revert commit of https://chromium-review.googlesource.com/c/v8/v8/+/859937
> Original is https://chromium-review.googlesource.com/c/v8/v8/+/810504
> >> Reimplements Object.entries/values as CSA to optimize performance. See more detail about https://bugs.chromium.org/p/v8/issues/ Issue 6804.
>
> This reverts commit 1b49f725ac.
>
> Bug: v8:6804
> Change-Id: I57e8b66e1c4ece2abb52e1630a97fbfd4070d810
> Reviewed-on: https://chromium-review.googlesource.com/860679
> Commit-Queue: Yang Guo <yangguo@chromium.org>
> Reviewed-by: Yang Guo <yangguo@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#50492}
TBR=yangguo@chromium.org,cbruni@chromium.org,jgruber@chromium.org,ishell@chromium.org,brn@b6n.ch
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: v8:6804
Change-Id: I39b1854ca7c2f57819ba377f84560356d3756bfb
Reviewed-on: https://chromium-review.googlesource.com/877886
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50746}
These functions are duplicated in module-compiler.cc and therefore
cause jumbo build failures. It looks like this is planned to be
refactored later by titzer. So let's just give them new names for
now, to unbreak jumbo builds.
Bug: v8:7316
Change-Id: I4ba0c8dcc8474a4b02a47c16f2da77650861cfe4
Reviewed-on: https://chromium-review.googlesource.com/877279
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Mostyn Bramley-Moore <mostynb@vewd.com>
Cr-Commit-Position: refs/heads/master@{#50743}
The fields are private, so prepend them with "_".
Drive-by: Replace std::map by std::unordered_map and avoid one
redundant lookup in this map.
R=titzer@chromium.org
Change-Id: Id4aad9bb36ec84daf581a79852d56895fc05429d
Reviewed-on: https://chromium-review.googlesource.com/877882
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50742}
The fields in StackTransferRecipe were public some time ago. Now they
are private, so prepend them with "_".
R=titzer@chromium.org
Bug: v8:6600
Change-Id: Ibb94841871fce4c8eca02cb3c369465183bfa5e0
Reviewed-on: https://chromium-review.googlesource.com/877881
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50741}
Some header files were removed from the source but the change was not
reflected to v8.gyp.
Bug: v8:6600
Change-Id: I9f952835ea9de36bbc889efb50d63482c10f893f
Reviewed-on: https://chromium-review.googlesource.com/877879
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50739}
1. Fix infinite loop caused by time based fuzzing
2. Shallow copy of the result to avoid dropping output
by different processor.
Bug: v8:6917
Change-Id: Icf823e853be9d3cc8dfd46ed2fb954979bf02d2f
Reviewed-on: https://chromium-review.googlesource.com/877761
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Sergiy Byelozyorov <sergiyb@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50737}
A map’s `constructor_or_backpointer` can be any kind of value,
because `fn.prototype = foo` sets that field to `foo` if the
latter is not a `JSReceiver`; so the `DCHECK` that is being
removed here was invalid.
Refs: https://github.com/nodejs/node/issues/18223
Bug: node:18223
Change-Id: Ia6449c07bb724e515d73b162369ab36ab1d89c6b
Reviewed-on: https://chromium-review.googlesource.com/874472
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50735}
Samples taken during deoptimization require care in the stack walk
used to gather frames. The top N stack frames may not have JSFunction
objects in place, because those frames represent inlined functions
which may not have closures yet.
Bug: v8:7314
Change-Id: Ib6488aee46a47d5341cab1b1c9c3851592ba6509
Reviewed-on: https://chromium-review.googlesource.com/870036
Commit-Queue: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Ali Ijaz Sheikh <ofrobots@google.com>
Cr-Commit-Position: refs/heads/master@{#50732}
If an entry may have side effects (non-fast JS Array), restart and add all entries in slow path.
- Move allocating and setting table into AddConstructorEntries.
- Move handling non-object map entries into LoadKeyValue.
- AddConstructorEntry and LoadKeyValue go to a label when adding a map entry may have side effects.
Bug: chromium:798026, chromium:799364
Change-Id: I3c28594fc4a8379a106413e19e6df9e83eeb5278
Reviewed-on: https://chromium-review.googlesource.com/874786
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Peter Wong <peter.wm.wong@gmail.com>
Cr-Commit-Position: refs/heads/master@{#50729}
The tests currently time out due to too many deopt points and hence too many
tests generated.
TBR=sergiyb@chromium.org
Bug: v8:6900
Change-Id: I0998097024a4ed9c087728bb5ef288ab17d3371e
Reviewed-on: https://chromium-review.googlesource.com/876322
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50727}
When the array created would exceed the maximum size for a regular heap
object, instead create it using Runtime::kNewArray directly rather than
via AllocateJSArray.
Bug: chromium:803750
Change-Id: I78cd82edf5a813a2ed69272361e0ca07f864c5ba
Reviewed-on: https://chromium-review.googlesource.com/876011
Commit-Queue: Dan Elphick <delphick@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50726}
This avoids the call to the StringCharCodeAt builtin from
within TurboFan optimized code and instead emits a loop
that does the character load. This (together with previously
reverted CL to the JSCallReducer) almost completely recovers
the performance regression caused when we shipped TurboFan.
Without untrusted code mitigations the benchmark goes from
580ms to roughly 490ms, and with the patch to the JSCallReducer
the time goes down to 280ms, which is very close to what we
had with Crankshaft.
This also renames the LoadFromString helper method in the
EffectControlLinearizer to LoadFromSeqString to make it
clear what it does.
Bug: v8:7326
Change-Id: I6c77209ae01a3eacbd1e8fd40e4ad842eaf1999a
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Reviewed-on: https://chromium-review.googlesource.com/876102
Commit-Queue: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50725}
This adds the benchmarks suite to the deopt fuzzer and removes the
obsolete deopt configs, which since a while are part of the num-fuzz
configs.
TBR=sergiyb@chromium.org
Bug: v8:6900
Change-Id: I9202e2a66a132eca5940b4444fda97816b034e54
Reviewed-on: https://chromium-review.googlesource.com/876085
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50720}
This is the implementation of crrev.com/c/866721 for mips and mips64.
Drive-by change: I made the slot index calculation on mips the same as
on mips64.
Original description:
At the moment the slot index is encoded in the opcode. This, however,
sets an upper limit the slot index which is lower than what we want to
have (i.e. < 512). With this change we pass the slot index as an
immediate operand, which does not impose limits on the value it
contains.
R=v8-mips-ports@googlegroups.com
Change-Id: I46219b07962eadd174f418cba1ea38b07f9b5e96
Reviewed-on: https://chromium-review.googlesource.com/866723
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ivica Bogosavljevic <ivica.bogosavljevic@mips.com>
Cr-Commit-Position: refs/heads/master@{#50719}
Until now, String.prototype.{trimLeft,trimRight} were non-standard
language extensions, required for Web compatibility.
The proposal at https://github.com/tc39/proposal-string-left-right-trim
standardizes this functionality as String.prototype.{trimStart,trimEnd},
and defines String.prototype.{trimLeft,trimRight} as aliases for
backwards compatibility.
This patch implements that proposal behind the --harmony-string-trimming
flag.
Bug: v8:6530
Change-Id: Id21e624c12a79e6b782efb049a48901b9da7db71
Reviewed-on: https://chromium-review.googlesource.com/867044
Commit-Queue: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Sathya Gunasekaran <gsathya@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50717}
This is the first step towards getting rid of GYP configs.
R=machenbach@chromium.org
Bug: v8:7335
Change-Id: I688a9ff7a09c7cac67cfef8d74a893f2a6d00a8c
Reviewed-on: https://chromium-review.googlesource.com/876122
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50716}
